Sorry, didn't mean for that message to go to Ger-Volga.

Gary Martens

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Gary Martens
Sent: Wednesday, April 06, 2011 2:12 PM
To: [email protected]
Subject: [GV] TOT Seven Tips to Avoid Post-Epsilon Phishing

Seven Tips to Avoid Post-Epsilon Phishing

*By Neil J. Rubenking <http://www.pcmag.com/author-bio/neil-j.-rubenking> [From PCMag Security Watch]*

Unless you live in a cave your e-mail address was probably among the millions exposed in the recent Epsilon data breach <http://www.pcmag.com/article2/0,2817,2383016,00.asp>. It's true that no financial details were released along with the e-mail information, but that doesn't mean you're in the clear. Scammers who've obtained the exposed e-mail addresses now hope you will just /give/ them your financial information.

You may very well receive one or more valid e-mail messages from affected vendors, informing you about the breach. You're even more likely to get mail from scammers warning that you need to log in and protect your data. Once you log in on the scammer's fake site, your identity with that vendor is totally pwned. You just bought a flat-screen TV for Joe Scammer!

This kind of social engineering attack, called phishing, happens all the time. The Epsilon exploit just gave the scammers a new collection of suckers to bait. Here are seven simple tips to avoid getting reeled in:

*Don't click links in e-mail* purportedly from your bank. If the message warns of an account problem that needs your attention, launch your browser and go directly to the bank's site.

If you're at all suspicious of a link in an e-mail message, *point the mouse at the link*. Most e-mail clients will reveal the destination URL. A link URL that doesn't match the link's stated destination is a red flag.

*Pay attention to the URL* in the browser's Address bar. Many phishing sites don't even try to use believable URLs. Others use warped versions of the true URL, perhaps paypla.com or ebay.something.com. If the URL looks wrong, leave the site and enter the real URL by hand.

*Don't register your details.* Yes, you can save time on some vendor Websites by registering with your credit card and other personal details. But that puts your data at the mercy of any hacker who breaches the vendor's security.

*Go for the green!* Modern browsers tint the Address bar green when they've validated a site's EV (Extended Validation) security certificate. A green Address bar means the site is legitimate.

*Use a password management tool* like LastPass 1.72 Premium <http://www.pcmag.com/article2/0,2817,2379308,00.asp> ($12 direct, 5 stars) to store your login credentials. The utility will automatically fill in your credentials at the correct Web site but not at a fraudulent copy.

*Install a security suite* that includes effective phishing protection. Norton Internet Security 2011 <http://www.pcmag.com/article2/0,2817,2368876,00.asp> ($69.99 direct for three licenses, 4.5 stars) and BitDefender Total Security 2011 <http://www.pcmag.com/article2/0,2817,2367844,00.asp> ($69.95 direct for three licenses, 3.5 stars) are among the best at phishing detection.

Data breaches are going to happen. The Epsilon breach itself has been blamed on a phishing attack. These tips aren't band-aids or quick fixes. Rather, they're words to live by for your new, safer online lifestyle. With care you can avoid being the victim (or the cause) of the next breach.
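The link checks from the tips in the forwarded article (a link whose visible URL differs from its real destination, a warped domain such as paypla.com, a real brand used as a subdomain as in ebay.something.com), written out as an added Python example that is not part of the article or of the message above. The `TRUSTED` allowlist, the sample HTML body, the flag names and the 0.8 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "ebay.com"}  # assumed allowlist of sites you really use
SAMPLE = ('<a href="http://www.paypla.com/login">www.paypal.com</a> '
          '<a href="http://ebay.something.com/">Sign in</a> '
          '<a href="https://www.paypal.com/signin">PayPal</a>')  # constructed sample

def site(host):  # naive registrable domain; real code needs the Public Suffix List
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):  # hostname of a URL-like string, "" for ordinary words
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    return urlsplit(text if "//" in text else "//" + text).hostname or ""

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def check_link(href, text):  # red flags for one link
    flags, dest, shown = [], host_of(href), host_of(text)
    if shown and site(shown) != site(dest):
        flags.append("text-mismatch")  # shown URL differs from the real target
    if site(dest) not in TRUSTED:
        for good in sorted(TRUSTED):
            if good.split(".")[0] in dest.split("."):
                flags.append("brand-in-subdomain")  # e.g. ebay.something.com
            elif SequenceMatcher(None, site(dest), good).ratio() >= 0.8:
                flags.append("lookalike")  # e.g. paypla.com
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

`scan(SAMPLE)` returns a dict keyed by each link's real destination; an empty list means neither check fired, which is not proof that the link is safe.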